formbook | 53dced2862d890b9c606cf475d09241f33dda53eb131af8a501ce1453b0aa56d | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...70.rtf

windows7-x64

SecuriteIn...70.rtf

windows10-2004-x64

1

Sharing

General

Target

SecuriteInfo.com.Exploit.CVE-2018-0798.4.6123.12270.rtf
Size

3KB
Sample

221207-symjmaad6y
MD5

7a7d9b82e6d26b4d575ac0a5cd93faff
SHA1

ce64d85889744473fa305c3e51cd50c58fb4a7ce
SHA256

53dced2862d890b9c606cf475d09241f33dda53eb131af8a501ce1453b0aa56d
SHA512

a08071efa1b27bb0d423d7b0670c8a6b1020dbf875a373676c4052e84b935d87a617ad77e1765117eb1883eb26ed43f88f3fe89de70c73661f9b721e6cda110c

Score

10^/10

formbook 8rmt rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Exploit.CVE-2018-0798.4.6123.12270.rtf

Resource

win7-20220812-en

formbook 8rmt rat spyware stealer trojan

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Exploit.CVE-2018-0798.4.6123.12270.rtf

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

8rmt

Decoy

3472cc.com

takecareyourhair.com

kontolajigasd21.xyz

daihaitrinh.net

syncmostlatestinfo-file.info

lovesolutionsastrologist.info

angelapryan.com

rio727casino.com

jjsgagets.com

devyatkina.online

thegoldenbeautyqatar.com

czytaj-unas24live.monster

timepoachers.com

gayxxxporn.site

72308.xyz

kristanolivo.com

hijrahfwd.com

bmfighters.com

alfamx.website

handfulofbabesbows.com

nationalsocialism.link

mega-recarga-arg.com

rytstack.com

kfav77.xyz

rrexec.net

linetl.top

freedomcleaningusa.com

abofahad3478.tokyo

teamvalvolineeurope.com

kyty4265.com

afrikannaland.info

dharmatradinguae.com

bqylc.buzz

lifeprojectmanager.pro

streeteli.site

68fk.vip

wasemanntrucking.com

auracreitarusblog.com

dfgzyt.cyou

tecnotuto.net

ookkvip.com

247repairs.info

tyvwotnmrlpjgl.biz

courtneymporter.com

gildainterior.com

papiska.xyz

sparrow.run

tyh-group.com

april-zodiac-sign.info

kiaf1.site

cooleyes.live

partasa.com

connecticutinteriors.com

thelovehandles.us

netinseg.website

diaryranch.xyz

serenaderange.com

milano.icu

vapeseasy.com

hengruncosmetics.com

vlashon.com

masberlian.ink

djayadiwangsa.store

nicneni.xyz

ym2668.top

Targets

- Target
  
  SecuriteInfo.com.Exploit.CVE-2018-0798.4.6123.12270.rtf
- Size
  
  3KB
- MD5
  
  7a7d9b82e6d26b4d575ac0a5cd93faff
- SHA1
  
  ce64d85889744473fa305c3e51cd50c58fb4a7ce
- SHA256
  
  53dced2862d890b9c606cf475d09241f33dda53eb131af8a501ce1453b0aa56d
- SHA512
  
  a08071efa1b27bb0d423d7b0670c8a6b1020dbf875a373676c4052e84b935d87a617ad77e1765117eb1883eb26ed43f88f3fe89de70c73661f9b721e6cda110c
Score

10^/10

formbook 8rmt rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

formbook8rmtratspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy